【JavaWeb】 接口鉴权

 

一年前写过一篇,叫Webservice校验机制,叫法不太对,就是接口鉴权

https://www.cnblogs.com/mindzone/p/15078436.html

 

这东西就是说,你提供给外部的调用的这个接口,并不是随便一个请求就能访问的,需要增加一个校验的逻辑

只有符合这个逻辑的调用方才可以访问使用你的接口,算是安全性的措施吧:

 

这篇新增加了一个更为简单一点的,代码量稍微少一点的案例:

 

首先是SHA256的加密类:

package com.yonyou.dmscloud.interfaceManage.utils;

import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;


/** 
 * @Description: 实现Sha256实例
 * @author: zkf
 * @date 2020年10月13日
 */
public class Sha256 {
    
    /** 
     * @Description: 
     * @author: zkf
     * @date 2020年10月13日
     * @param str 加密后的报文
     * @param encoder 编码方式(例:UTF-8)
     * @return String 
     */
    public static String getSHA256(String str,String encoder) {
        MessageDigest messageDigest;
        String encodestr = "";
        try {
            messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(str.getBytes(encoder));
            encodestr = byte2Hex(messageDigest.digest());
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (UnsupportedEncodingException e) {
            e.printStackTrace();
        }
        return encodestr;
    }

    /**
     * 将byte转为16进制
     * 
     * @param bytes
     * @return
     */
    private static String byte2Hex(byte[] bytes) {
        StringBuffer stringBuffer = new StringBuffer();
        String temp = null;
        for (int i = 0; i < bytes.length; i++) {
            temp = Integer.toHexString(bytes[i] & 0xFF);
            if (temp.length() == 1) {
                // 1得到一位的进行补0操作
                stringBuffer.append("0");
            }
            stringBuffer.append(temp);
        }
        return stringBuffer.toString();
    }

}

 

然后是接口处理的过程:

package com.yonyou.dmscloud.interfaceManage.utils;

import java.io.IOException;
import java.util.Date;
import java.util.Map;

import org.apache.http.HttpEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.message.BasicHeader;
import org.apache.http.protocol.HTTP;
import org.apache.http.util.EntityUtils;
import org.springframework.beans.factory.annotation.Autowired;


public class HttpClientJsonUtilShuZi {
    
    @Autowired
    Sha256 sha256 = new Sha256();
    
    /**
     * 数字门店鉴权字段 key
     */
    private static final String apiKey = "4EA18E9EFB1F0EB645AD17B6BA01BA40";

    /** 
     * @Description: 1.数字门店 Aibee-Auth-Sign=sha256(Method + URL + Date + ApiSecret) 
     *                     编码方式: UTF-8;+表示字符串拼接;Date: 请求的时间戳;Method: GET/POST/PUT/DELETE
     *                     URL: 即本文档提供的接口url,不带域名或ip、端口号(举例:/function/updateCustomerTag)。
     *                     ApiSecret: BABBED1ABEC3277092EE0BEE96A6D740
     *                     apiKey: 4EA18E9EFB1F0EB645AD17B6BA01BA40
     * @author: zkf
     * @date 2020年10月13日
     * @param url
     * @param json
     * @param map     map.get("method");
                     map.get("url");
     * @return String 
     */
    public static String doPostJson(String url, String json,Map<String,String> map) {
        // 创建Httpclient对象
        CloseableHttpClient httpClient = HttpClients.createDefault();
        CloseableHttpResponse response = null;
        String resultString = "";
        try {
            // 创建Http Post请求
            HttpPost httpPost = new HttpPost(url);

            // 创建请求内容
            StringEntity entity = new StringEntity(json, "utf-8");
            entity.setContentEncoding(new BasicHeader(HTTP.CONTENT_TYPE,"application/json"));
            httpPost.setEntity(entity);
            httpPost.setHeader("Content-type", "application/json");
            httpPost.setHeader("User-Agent", "Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt)");

            //获得时间戳
            String timeData = getTime();
            httpPost.setHeader("Date", timeData);
            //Aibee-Auth-Sign=sha256(Method + URL + Date + ApiSecret)
            String method = map.get("method");
            String notIpUrl = map.get("url");
            String apiSecret = "BABBED1ABEC3277092EE0BEE96A6D740";
            String aibeeAuthSign = method+notIpUrl+timeData+apiSecret;

            //Sha256加密
            aibeeAuthSign = Sha256.getSHA256(aibeeAuthSign,"UTF-8");
            httpPost.setHeader("Authorization", apiKey+":"+aibeeAuthSign);
            
            // 执行http请求
            response = httpClient.execute(httpPost);
            
            //获取结果实体
            HttpEntity entity = response.getEntity();
            
            if (entity != null) {
                //按指定编码转换结果实体为String类型
                resultString = EntityUtils.toString(htpEnti, "utf-8");
            }
            EntityUtils.consume(entity);
            //释放链接
            response.close();
            return resultString;

        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            try {
                response.close();
            } catch (IOException e) {
                e.printStackTrace();
            }
        }

        return resultString;
    }

    /** 
     * @Description: 返回时间戳
     * @author: zkf
     * @date 2020年10月13日
     * @return String 
     */
    private static String getTime() {
        Date date = new Date();
        long time = date.getTime();
        return String.valueOf(time);//获得时间戳
    }

}

 

posted @ 2022-03-21 21:54  emdzz  阅读(628)  评论(0编辑  收藏  举报